The incoming White House Press Secretary, Sean Spicer, said it makes him wonder if President Obama’s anti-Russian measures were “political retribution,” given that a massive hack of federal data in 2015 linked to China saw “not one thing happen” in response.

Spicer brought into question the magnitude of the new sanctions approved by Barack Obama, which included the expulsion of 35 diplomats and the closing of two diplomatic facilities while speaking to ABC’s This Week program hosted by Jonathan Karl and aired on Sunday.

“I think one of the questions that we have is, ‘Why the magnitude of this?’ I mean you look at 35 people being expelled, two sites being closed down, the question is, ‘Is that response in proportion to the actions taken?’ Maybe it was, maybe it wasn’t – but you have to think about that,” Spicer said, adding later, “If you look at our history, you haven’t seen a response like that in modern history for any action.”

Donald Trump’s team member then went on to contrast Obama’s decision with the apparent lack of action on what has been branded the biggest security breach in US government history, when millions of federal employees had their unique fingerprint records stolen. While US officials have accused China of being behind the hack that made headlines in June 2015, the furthest Obama went was to warn Beijing of economic sanctions as President Xi Jinping was visiting the US.

“Hold on let's look at this, in 2015, China took over a million records, sensitive data of people like me who had worked in the government at any time, classified or personal information, where we lived, things we had written down on our applications, our security clearances and… a White House statement wasn’t even issued. No action publicly was taken. Nothing, nothing was taken when millions of people had their private information, including information on security clearances [compromised],” Spicer said.

China has denied it has anything to do with the hacks. After meeting Xi in Washington, DC in September 2015, Obama claimed US and China had agreed not hack each other’s intellectual property.

Spicer, however, argues that following the hack the only thing the White House did was to “send everyone who had worked in the government a letter saying that you get free monitoring of your credit.”

“Not one thing happened. So, there is a question about whether there's a political retribution here versus a diplomatic response,” he added, alluding to the fact that it was the Democratic National Committee’s servers that the White House says “state-sponsored” Russian hackers intruded, and that the information leaked was ultimately damaging to the Democratic presidential candidate Hillary Clinton.

Spicer was cautious when assessing if the incoming president, Donald Trump, should reverse the sanctions, echoing Trump’s promise to get a separate intelligence briefing on the hacking allegations.

“The President-elect needs to sit down with the heads of the intelligence communities next week and get a full briefing on what they knew, why they knew it, whether or not the Obama administration's response was in proportion to the actions taken,” Spicer said.

When pressured by Karl with a question about whether the new FBI/DHS report made Trump “accept the fact that Russia was behind the DNC hack,” Spicer responded that the report did not actually talk about the Russian government being responsible for the hack.

“While the media played it up as this report about the hacking, what it actually is, if you look through it, and its available online, is a series of recommendations that should be taken, like changing passwords, changing administrative rights. What it shows is that by all measures the Democratic National Committee had a very lax IT support,” Spicer pointed out.

Despite being menacingly titled “GRIZZLY STEPPE – Russian Malicious Cyber Activity,” the December 29 report did not provide any evidence the hacking groups described there had any connection to Moscow. The details of the hack itself remained vague, with the target being described as only “a US political party” and no indication given to which batch of leaked emails it referred – DNC’s or Clinton’s campaign chair John Podesta’s. The 13-page report does provide nine pages of security improvement recommendations, as well as a disclaimer saying the DHS “does not provide any warranties of any kind regarding any information contained within.”

Elsewhere in US mainstream media, where the story of the “Russian hacking” has been aggressively pushed, the Washington Post had to walk back on its story alleging that “Russian operation hacked a Vermont utility” which posed a risk “to US electrical grid security.”

The article cited unnamed officials, but the company in question, Burlington Electric, then publicly clarified that there was only “suspicious internet traffic” detected on a laptop not even connected to the grid.

The Post added an editorial note saying, “An earlier version of this story incorrectly said that Russian hackers had penetrated the US electric grid. Authorities say there is no indication of that so far.” The headline, however, was still claiming that, “Russian operation hacked a Vermont utility,” as of late Sunday, accompanied by a picture of Russia’s Federal Security Service (FSB) building in central Moscow.